When a Citrix NetScaler is configured using a graphical interface a browser is used to connect to the Citrix NetScaler. Starting NetScaler release 10 a part of the configuration is migrated from Java Applets to HTML5, but most configuration are still depending on Java Applets.

When you open a more advanced configuration the Java Applet is loaded automatically., If it hangs at 1% “Downloading Applet…” you might want to read this article.If it hangs at 99% “Logging in” continue reading.

Logging in

After loading the Java Applet and trying to log in the following error is raised.

Login Failed - No Response from System. Please check your connection. (Connection timed out: connect)



In my case the Citrix NetScaler was placed in a different VLAN than my client was, the VLANs where separated by a firewall.

What is good to know is that for the normal GUI  communication is done via TCP port 80 for non-secure (HTTP) or TCP port 443 for secure (HTTPS). The Java Applet communicates uses different ports: TCP port 3008 for secure or TCP port 3010 for non-secure .


Source: Communication ports used by Citrix Technologies [PDF]


Port Query

To determine if your client could reach the port you can use Port Query GUI (provided by Microsoft – link). This standalone utility can verify if ports can be reached and tells you within seconds if this is the problem.

  • Specify the destination IP or FQDN of the NetScaler IP (NSIP)
  • Select query type Manually input query ports
    • Ports to query: 80,443,3008,3010
    • Protocol: TCP
  • Click on Query


The query should return LISTENING for port 80+3010 for non-secure communication or 443+3008 for secure communication.

Port Query

This example clearly shows that TCP port 3008 and 3010 are filtered by a firewall.




4 Reacties

  1. Nice troubleshooting Ingmar! This has been the case for all previous versions of the config utility too… Not just 10.x.

    1. Hi Marcel. Good! You? You’re right, I switched 3008 and 3010 in one place (luckely the image was good). Thanks for the feedback.

Geef een reactie

Het e-mailadres wordt niet gepubliceerd. Vereiste velden zijn gemarkeerd met *

Deze site gebruikt Akismet om spam te verminderen. Bekijk hoe je reactie-gegevens worden verwerkt.